Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-266t-4gfq-duh4
Summary
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.
Aliases
0
alias CVE-2024-25150
1
alias GHSA-4585-28v2-8h46
Fixed_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp19
1
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.10.u4
2
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11qf-d5xp-4fey
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.4-ga4
Affected_packages
0
url pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0
purl pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-4mcy-yw2p-v7bd
3
vulnerability VCID-7zhe-ztqw-gkhh
4
vulnerability VCID-a7z8-2fzy-2qee
5
vulnerability VCID-b7h9-cxkj-hkc8
6
vulnerability VCID-e5c7-wsvb-dyfm
7
vulnerability VCID-ggs5-4zac-vqa7
8
vulnerability VCID-h261-uqtv-yfek
9
vulnerability VCID-hrnu-4t2j-9qba
10
vulnerability VCID-hw1d-gdcv-vkec
11
vulnerability VCID-k6d6-hyep-pbac
12
vulnerability VCID-k7yh-fkj8-t3fx
13
vulnerability VCID-k9yt-aj7x-3bht
14
vulnerability VCID-mph8-zzjv-67av
15
vulnerability VCID-n6qs-hded-rydp
16
vulnerability VCID-p9am-1rhf-6bh2
17
vulnerability VCID-q7bs-639b-pken
18
vulnerability VCID-tqvb-a46r-jbf8
19
vulnerability VCID-uug8-ap5n-r3g2
20
vulnerability VCID-xa5h-2khm-efgj
21
vulnerability VCID-xe2v-j69t-d3h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.dxp.bom@7.3.0
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.2.0
purl pkg:maven/com.liferay.portal/release.portal.bom@7.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fqz-psdf-g7dm
1
vulnerability VCID-266t-4gfq-duh4
2
vulnerability VCID-77qw-vmwe-x3d4
3
vulnerability VCID-8jv6-163j-a7b2
4
vulnerability VCID-9471-umbz-pucy
5
vulnerability VCID-9yw4-52sc-rbbz
6
vulnerability VCID-e5c7-wsvb-dyfm
7
vulnerability VCID-ggs5-4zac-vqa7
8
vulnerability VCID-hw1d-gdcv-vkec
9
vulnerability VCID-k9yt-aj7x-3bht
10
vulnerability VCID-mcea-q7za-duay
11
vulnerability VCID-p9am-1rhf-6bh2
12
vulnerability VCID-qks2-mqk8-wffq
13
vulnerability VCID-ub82-jbgf-mfb8
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.2.0
References
0
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal
1
reference_url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/12844a327061ad55e560f5ab7056381e9cc05d86
2
reference_url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/8eba0b84a0967ad785d96cb09f41f3fac998dcfc
3
reference_url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/9d7676866a77c910a7cf689e33c621666bff9a04
4
reference_url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/c5fa9c50514d2be0191cb076b8744c7a871f23dc
5
reference_url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/eee01ec6cce3cca99c9e12fba846db1fc64d610d
6
reference_url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
reference_id
reference_type
scores
url https://github.com/liferay/liferay-portal/commit/f9d6c9b9551956c6f07d4ae8998f53392e3389c0
7
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
reference_id CVE-2024-25150
reference_type
scores
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
reference_id CVE-2024-25150
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-25150
9
reference_url https://github.com/advisories/GHSA-4585-28v2-8h46
reference_id GHSA-4585-28v2-8h46
reference_type
scores
url https://github.com/advisories/GHSA-4585-28v2-8h46
Weaknesses
0
cwe_id 201
name Insertion of Sensitive Information Into Sent Data
description The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-266t-4gfq-duh4